Companies unprepared for data privacy risks

• Survey finds that 61% of companies do not strictly enforce all levels of compliance with laws and regulations
• 53% of respondents think a data breach would not adversely impact their reputation or financial position

MANY organizations lack the business behaviors and compliance practices necessary to adequately address growing consumer and regulatory concerns about data security and privacy, according to a new study by communications agency Edelman.
 
The Edelman Privacy Risk Index (ePRI) was developed in partnership with the Ponemon Institute, and surveyed 6400 corporate privacy and security executives from 29 countries.
 
Jules Polonetsky, director and co-chair of the Future of Privacy Forum said that companies increasingly understand that using data effectively will lead to innovation, better consumer services and smarter marketing.
 
“But all of these new uses of personal information also create risks that if mishandled could undermine consumer trust and lead to restrictive regulation,” he said.
 
Polonetsky added that the study shows that many of the front line employees who are managing compliance don’t believe that they have the necessary practices, protocols and behaviors in place to safeguard against financial or reputational damage.
 
“Senior business leaders need to assess their company privacy risk and avoid becoming a high profile example of the damage that can result from misuse or loss of consumer data,” he added.
 
According to Edelman, the ePRI revealed a lack of preparedness in managing the potential financial and reputational damage relating to the loss or misuse of personal information. Businesses, particularly at a senior level, are not reacting quickly enough to data and security risk (click on image to enlarge).
 
The study found that over half (57%) of respondents think their organization does not consider privacy and the protection of personal information to be a corporate priority.
 
In addition, the study also found that:

• Six out of ten (61%) companies do not strictly enforce all levels of compliance with laws and regulations.
• 62% say their organization does not have the expertise, training or technology.
• 55% say the adequate resources, to protect personal information.
• 57 % of respondents believe their company is not transparent about what it does with employee and customer information
• 61% are slow to respond to consumer and regulator complaints about privacy.

Pete Pedersen, global chair, Technology practice, Edelman said the findings shine a light on the worrying void between business’ privacy practices and consumer expectations about how their personal data is handled.
 
“From a communications and stakeholder engagement point of view, what is most concerning is the lack of clarity and transparency about these practices,” said Pedersen.
 
The research also highlighted a lack of awareness of the potential risks related to data security and privacy incidents. Over half (53%) of respondents think a data breach would not adversely impact their reputation or financial position.
 
Additionally, 57% of organizations believe that employees do not understand the importance of privacy and two thirds do not make an effort to educate employees about privacy and security issues
 
The results are in stark contrast to the growing consumer and regulatory pressure on companies to handle personal data responsibly and securely.
 
Companies will see increased regulatory scrutiny due to new legislation in the European Union, Latin America and Asia, as well as increased enforcement by the Federal Trade Commission in the United States
 
According to Edelman, the premium on privacy is more than just a compliance or communications issue — it also affects a company’s bottom line.
 
An earlier study by Edelman, Privacy & Security: The New Drivers of Brand, Reputation and Action Global Insights 2012, released in March of this year revealed that 85% of consumers around the world feel companies need to take data security and privacy more seriously.
 
Consumers say they would drop services if their personal information is accessed without their permission. Eight out of ten consumers would consider leaving a banking institution that did so, and nearly seven in ten would leave a healthcare provider.
 
Nearly half (46%) of those surveyed report leaving or avoiding companies that have suffered a security breach.
 
In addition, 70% of people are more concerned about privacy than they were five years ago and 68% feel they have lost control over how their information is shared and used by businesses.
 
Ben Boyd, global chair, Corporate practice, Edelman said with the growing level of consumer, media and regulatory attention currently focused on privacy, businesses simply cannot afford to risk the reputational and financial damage that may result from a lack of attention to this business critical need.
 
“Rather, we see an opportunity for businesses to grow confidence and trust in their brands through thoughtful privacy and data management,” said Boyd.
 
In conjunction with the study, Edelman has released an online benchmarking tool, which enables businesses to quickly benchmark their own privacy risk based on the data.
 
The online tool provides a Privacy Risk Index score, with a high risk score indicating a company is more likely to suffer reputation damage or economic losses as a result of a privacy-related problems and incidents.
 
To read the white paper on the topic, click here.